Uber: Chain of IDORs Between U4B and Vouchers APIs Allows Attackers to View and Modify Program/Voucher Policies and to Obtain Organization Employees' PII
The security researchers discovered a number of connected IDORs in the Uber business and voucher applications. By chaining these vulnerabilities together, the researchers could retrieve information related to existing voucher policies and modify those policies for monetary gain, such as for free...